TRENDING

EDITORIAL

Risk vs. responsibility

By Thomas R. Temin

Nov 06, 2001

Thomas R. Temin

Who is responsible when IT projects go south, wasting hundreds of thousands or millions of public dollars?

For years, CIOs, program owners and contracting shops have tried to devise procurement strategies that shift risk to vendors or distribute the risk more evenly between the vendor and the government agency.

Share-in-savings or share-in-new-revenue contracts are the most visible form of risk-shifting. They are at the opposite end of the spectrum from, say, traditional cost-plus projects. Another form of risk mitigation is breaking projects into small enough bites so that any one contract gone bad doesn't sink the whole thing.

Balancing assignment of risk is a wise policy. But it doesn't really answer the question of who is responsible.

Carolyn Purcell, the Texas CIO, has the answer in no uncertain terms. 'You can't contract out the responsibility for the project,' she says in this issue's cover story on the crisis in contracting. Vendors frequently fail financially or in their promises, but ultimately it is the government's responsibility.

Yet, as we report, fewer than one in four projects succeeds, if by success you mean conformance to budget, timetable and function. The costs nationwide add up to the billions. This will be all the more painful as the fat years of state surpluses recede into the past.

As a start on a more successful approach to IT projects, officials must accept the responsibility, even when much of the risk is shifted to vendors. Experts who have studied project failures offer this additional take-home pay:

Get up-front help from a reputable consultant'one that won't bid on the project'to map out requirements and vendor selection strategy. Then write a competent request for proposals.

Build in firewalls against scope creep and change orders, two surefire project killers.